Advisories for Maven/Org.folio/Mod-Remote-Storage package

2024

Duplicate Advisory: Hard-coded credentials in org.folio:mod-remote-storage

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m8v7-469p-5x89. This link is maintained to preserve external references. Original Description Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types.

2023

Hard-coded System User Credentials in Folio Data Export Spring module

The module creates a system user that is used to perform internal module-to-module operations. Credentials for this user are hard-coded in the source code. This makes it trivial to authenticate as this user, allowing unauthorized read access to these mod-inventory-storage records: instances, holdings, items, contributor-types, identifier-types. This includes records marked as suppressed from discovery.

Duplicate

This advisory duplicates another.